<?php

 /**
 * AclModel
 * 
 * @author yukio
 * @version $Id$
 */

require_once APPLICATION_PATH . '/models/AclModel.php';

class AclModel extends Zend_Acl
{    
    const ROLE_REQUESTER = 'requester';
    const ROLE_SUPPORTER = 'supporter';
    const ROLE_CARRIER   = 'carrier';
    const ROLE_OPERATOR  = 'operator';
    
    const RES_REQUESTER_MENU  = 'requester_menu';// 支援希望者メニューを表示できる
    const RES_REQUESTER_LIST  = 'requester_list';// 支援希望者一覧を表示できる
    const RES_REQUEST_EDIT    = 'req_edit';      // 請求を作成・更新できる
    const RES_REQUEST_DELETE  = 'req_delete';    // 請求を削除・復活できる
    const RES_REQUEST_LIST    = 'req_list';      // 請求を閲覧できる
    const RES_REQUEST_COMMENT = 'req_comment';   // 請求にコメントできる
    const RES_PARTY_MENU      = 'party_menu';    // 団体メニューを表示できる
    const RES_PARTY_LIST      = 'party_list';    // 団体一覧を表示できる
    const RES_STAT_WAIT       = 'stat_wait';     // 支援の状態を「支援待ち」にできる
    const RES_STAT_SUPPORT    = 'stat_support';  // 支援の状態を「支援者確定」にできる
    const RES_STAT_DELIVER    = 'stat_deliver';  // 支援の状態を「配送済み」にできる
    const RES_STAT_COMPLETED  = 'stat_completed';// 支援の状態を「配送済み」にできる
    const RES_STAT_R_CANCEL   = 'stat_r_cancel'; // 支援の状態を「支援希望者が取り消し」にできる
    const RES_STAT_S_CANCEL   = 'stat_s_cancel'; // 支援の状態を「支援者が取り消し」にできる
    const RES_DISABLE_COMMENT = 'dis_comment';   // 支援のコメントを非表示・表示にできる
    const RES_DISABLE_REQUEST = 'req_enable';    // 支援の無効・有効を切り替えられる
    const RES_OPERATOR_MENU   = 'operator_menu'; // 管理者メニューを表示できる
    const RES_ACCOUNT_ENABLE  = 'account_ena';   // アカウントの有効・無効を切り替えられる
    
    public function __construct()
    {        
        $this->addRole(new Zend_Acl_Role($this::ROLE_REQUESTER));
        $this->addRole(new Zend_Acl_Role($this::ROLE_SUPPORTER));
        $this->addRole(new Zend_Acl_Role($this::ROLE_CARRIER));
        $this->addRole(new Zend_Acl_Role($this::ROLE_OPERATOR));
        
        $this->add(new Zend_Acl_Resource($this::RES_REQUESTER_MENU));
        $this->add(new Zend_Acl_Resource($this::RES_REQUESTER_LIST));
        $this->add(new Zend_Acl_Resource($this::RES_REQUEST_EDIT));
        $this->add(new Zend_Acl_Resource($this::RES_REQUEST_DELETE));
        $this->add(new Zend_Acl_Resource($this::RES_REQUEST_LIST));
        $this->add(new Zend_Acl_Resource($this::RES_REQUEST_COMMENT));
        $this->add(new Zend_Acl_Resource($this::RES_PARTY_MENU));
        $this->add(new Zend_Acl_Resource($this::RES_PARTY_LIST));
        $this->add(new Zend_Acl_Resource($this::RES_STAT_WAIT));
        $this->add(new Zend_Acl_Resource($this::RES_STAT_SUPPORT));
        $this->add(new Zend_Acl_Resource($this::RES_STAT_DELIVER));
        $this->add(new Zend_Acl_Resource($this::RES_STAT_COMPLETED));
        $this->add(new Zend_Acl_Resource($this::RES_STAT_R_CANCEL));
        $this->add(new Zend_Acl_Resource($this::RES_STAT_S_CANCEL));
        $this->add(new Zend_Acl_Resource($this::RES_DISABLE_COMMENT));
        $this->add(new Zend_Acl_Resource($this::RES_DISABLE_REQUEST));
        $this->add(new Zend_Acl_Resource($this::RES_OPERATOR_MENU));
        $this->add(new Zend_Acl_Resource($this::RES_ACCOUNT_ENABLE));
        
        // 支援希望者のアクセス権限を設定
        $this->allow($this::ROLE_REQUESTER, $this::RES_REQUESTER_MENU);
        $this->allow($this::ROLE_REQUESTER, $this::RES_REQUEST_EDIT);
        $this->allow($this::ROLE_REQUESTER, $this::RES_REQUEST_LIST);
        $this->allow($this::ROLE_REQUESTER, $this::RES_REQUEST_COMMENT);
        $this->allow($this::ROLE_REQUESTER, $this::RES_STAT_WAIT);
        $this->allow($this::ROLE_REQUESTER, $this::RES_STAT_R_CANCEL);

        // 支援団体のアクセス権限を設定
        $this->allow($this::ROLE_SUPPORTER, $this::RES_PARTY_MENU);
        $this->allow($this::ROLE_SUPPORTER, $this::RES_REQUEST_LIST);
        $this->allow($this::ROLE_SUPPORTER, $this::RES_REQUEST_COMMENT);
        $this->allow($this::ROLE_SUPPORTER, $this::RES_STAT_WAIT);
        $this->allow($this::ROLE_SUPPORTER, $this::RES_STAT_SUPPORT);
        $this->allow($this::ROLE_SUPPORTER, $this::RES_STAT_DELIVER);
        $this->allow($this::ROLE_SUPPORTER, $this::RES_STAT_S_CANCEL);
        $this->allow($this::ROLE_SUPPORTER, $this::RES_STAT_COMPLETED);
        
        // 輸送団体のアクセス権限を設定
        $this->allow($this::ROLE_CARRIER, $this::RES_PARTY_MENU);
        $this->allow($this::ROLE_CARRIER, $this::RES_REQUEST_LIST);
        $this->allow($this::ROLE_CARRIER, $this::RES_REQUEST_COMMENT);
        $this->allow($this::ROLE_CARRIER, $this::RES_STAT_WAIT);
        $this->allow($this::ROLE_CARRIER, $this::RES_STAT_SUPPORT);
        $this->allow($this::ROLE_CARRIER, $this::RES_STAT_DELIVER);
        $this->allow($this::ROLE_CARRIER, $this::RES_STAT_S_CANCEL);
        $this->allow($this::ROLE_CARRIER, $this::RES_STAT_COMPLETED);
        
        // 管理者のアクセス権限を設定
        $this->allow($this::ROLE_OPERATOR, $this::RES_REQUESTER_MENU);
        $this->allow($this::ROLE_OPERATOR, $this::RES_REQUESTER_LIST);
        $this->allow($this::ROLE_OPERATOR, $this::RES_PARTY_MENU);
        $this->allow($this::ROLE_OPERATOR, $this::RES_PARTY_LIST);
        $this->allow($this::ROLE_OPERATOR, $this::RES_REQUEST_EDIT);
        $this->allow($this::ROLE_OPERATOR, $this::RES_REQUEST_LIST);
        $this->allow($this::ROLE_OPERATOR, $this::RES_REQUEST_DELETE);
        $this->allow($this::ROLE_OPERATOR, $this::RES_REQUEST_COMMENT);
        $this->allow($this::ROLE_OPERATOR, $this::RES_STAT_WAIT);
        $this->allow($this::ROLE_OPERATOR, $this::RES_STAT_SUPPORT);
        $this->allow($this::ROLE_OPERATOR, $this::RES_STAT_DELIVER);
        $this->allow($this::ROLE_OPERATOR, $this::RES_STAT_R_CANCEL);
        $this->allow($this::ROLE_OPERATOR, $this::RES_STAT_S_CANCEL);
        $this->allow($this::ROLE_OPERATOR, $this::RES_DISABLE_COMMENT);
        $this->allow($this::ROLE_OPERATOR, $this::RES_DISABLE_REQUEST);
        $this->allow($this::ROLE_OPERATOR, $this::RES_OPERATOR_MENU);        
        $this->allow($this::ROLE_OPERATOR, $this::RES_ACCOUNT_ENABLE);        
    }
    
    /**
     * 複数のリソースに対して論理和によるACL確認を行う。
     * どれか一つでも許可が与えられていた場合にはtrueを返す。 
     *
     * @param $role ロール
     * @param $resources 複数リソース
     * @return boolean 
     */
    public function areAllowed($role, $resources)
    {
        $allowed = false;
        foreach ($resources as $resource) {
            if ($this->isAllowed($this->_session->role, $resource)) {
                $allowed = true;
                break;
            }
        }
        return $allowed;
    }
}